Full Disclosure mailing list archives
Re: VLAN Hacking Tutorial at InfoSec Institute
From: Bob Dobbs <bobd10937 () gmail com>
Date: Thu, 8 Dec 2011 14:04:12 -0800
This tutorial just rehashes ancient techniques in a general way in spotty english.The insecurity of ARP among other issues listed are problems on any layer 2 network and have little to do with VLAN. ARP flooding to make a switch go into hub mode hasn't been an issue in decent switches for quite a few years now. The Cisco whitepaper referenced at the bottom is worth a read though because proper configuration is indeed important: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml The @Stake VLAN security whitepaper is a good read also: http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/stake_wp.pdf Most importantly, it says: "The results of @stake’s test sequences clearly demonstrate that edge technologies, including tools such as VLANs on Cisco Catalyst switches, when configured according to best- practice guidelines, can be effectively deployed as security mechanisms.” On Thu, Dec 8, 2011 at 7:19 AM, Adam Behnke <adam () infosecinstitute com>wrote:
Ever wanted to learn how to hack a VLAN? Here is a tutorial for all of you: **** ** ** http://resources.infosecinstitute.com/vlan-hacking/**** ** ** ** ** ** ** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- VLAN Hacking Tutorial at InfoSec Institute Adam Behnke (Dec 08)
- Re: VLAN Hacking Tutorial at InfoSec Institute Memory Vandal (Dec 09)
- Re: VLAN Hacking Tutorial at InfoSec Institute Nate Theis (Dec 09)
- Re: VLAN Hacking Tutorial at InfoSec Institute Bob Dobbs (Dec 09)
- Re: VLAN Hacking Tutorial at InfoSec Institute Memory Vandal (Dec 09)